Hi,
Is there a stock PCI report in NCM? I see VISA CISA, but I wanted to know if there is a PCI one directoy or if this is something I have to create?
Thanks in advance,
Bob James
Were these reports supposed to be generic like this?
Yes, these are intended as example reports for folks to customize.
Were they created off of these compliancy standards?
Compliancy standards aren't prescriptive to this level of detail, but to the extent that they are based on best practices, yes. However, there's likely a lot more that you might want to add based on your our internal requirements. Initially, most NCM customers were just looking to check the box.
Is there going to be a way to export and share compliancy reports within the content exchange?
Yes, this is a high priority item for a future release.
This would be something you'd have to create. However, there is a library of rules you can choose from to help you build your policies and reports.
More out of the box Policy Reports is on our roadmap.
I have also become more interested in compliancy reporting. I have tried to tweak some of the canned reports to cut out false positives. An example would the the Cisco Policy under the SOX Report. It looks things like having an enable secret set up by searching for a string of text "enable secret." However, it is searching for this across all Cisco devices, which includes ASA's WLC's etc, thus providing numerous critical errors that are false positives. I have tried to clean up these reports. My questions are:
Thanks
